I have a lab setup with a 1721 connected to the Internet. I have enabled ip inspection with several engines, including http and https, on the outside interface outbound. I also have an access list on the outside interface blocking inbound traffic. It seems that recently I discovered that when trying to download from Rapidshare and Hotfile sites, the download begins and then hangs pretty quickly. I have confirmed that if I disable the ip inspect out and the ip access group in, the downloads work as expected.
I have also checked the logs and don't see any denies, so I can't figure out why the connection gets dropped. Are there any other debugs that might lead me to find the problem? I have never had this issue until recently, so I don't know if Rapidshare and other providers have changed something.
Thanks, I'll try that. One other question. I was looking on Cisco.com and found some sample configs, and they all had the inspect on the inside interface coming in to it. Is this a preferred method, as opposed to having it on the outside going out? Also, if the router is set up as a DNS server, what is required to let the DNS replies back in? I kept seeing drops of udp(53). I had to change the workstation to use the DNS server directly instead of relaying through the router.